diff --git a/packages/core/src/__mocks__/index.ts b/packages/core/src/__mocks__/index.ts
index 564cdb340..c02112736 100644
--- a/packages/core/src/__mocks__/index.ts
+++ b/packages/core/src/__mocks__/index.ts
@@ -38,6 +38,7 @@ export const mockApplication: Application = {
 idTokenTtl: 5000,
 refreshTokenTtl: 6_000_000,
 },
+ protectedAppMetadata: null,
 isThirdParty: false,
 createdAt: 1_645_334_775_356,
 };
diff --git a/packages/core/src/routes/applications/types.ts b/packages/core/src/routes/applications/types.ts
index ff8ad5501..516f22859 100644
--- a/packages/core/src/routes/applications/types.ts
+++ b/packages/core/src/routes/applications/types.ts
@@ -20,7 +20,7 @@ export const applicationResponseGuard: typeof Applications.guard = EnvSet.values
 .isDevFeaturesEnabled
 ? Applications.guard
 : Applications.guard
- .omit({ isThirdParty: true, type: true })
+ .omit({ isThirdParty: true, type: true, protectedAppMetadata: true })
 .extend({ type: z.nativeEnum(OriginalApplicationType) });
 // @ts-expect-error -- hide the dev feature field from the guard type, but always return the full type to make the api logic simpler
@@ -28,5 +28,5 @@ export const applicationCreateGuard: typeof originalApplicationCreateGuard = Env
 .isDevFeaturesEnabled
 ? originalApplicationCreateGuard
 : originalApplicationCreateGuard
- .omit({ isThirdParty: true, type: true })
+ .omit({ isThirdParty: true, type: true, protectedAppMetadata: true })
 .extend({ type: z.nativeEnum(OriginalApplicationType) });
diff --git a/packages/schemas/alterations/next-1702877515-protected-app-configs.ts b/packages/schemas/alterations/next-1702877515-protected-app-configs.ts
new file mode 100644
index 000000000..72d817cab
--- /dev/null
+++ b/packages/schemas/alterations/next-1702877515-protected-app-configs.ts
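Review bot: The omit list `{ isThirdParty: true, type: true, protectedAppMetadata: true }` is now written out twice, in `applicationResponseGuard` and again in `applicationCreateGuard` (the `@@ -28,5` hunk), so a later dev-only field can be hidden in one guard and missed in the other. Hoisting it into one constant, e.g. `const devFeatureFields = { isThirdParty: true, type: true, protectedAppMetadata: true } as const;`, and passing that to both `.omit()` calls keeps the feature gate in one place. The guard used for updates is not visible in this diff; if one exists, it would presumably need the same omission so the field cannot be written while dev features are off. Both definitions start outside their hunks.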
@@ -0,0 +1,18 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+ up: async (pool) => {
+ await pool.query(sql`
+ alter table applications add protected_app_metadata jsonb;
+ `);
+ },
+ down: async (pool) => {
+ await pool.query(sql`
+ alter table applications drop protected_app_metadata;
+ `);
+ },
+};
+
+export default alteration;
diff --git a/packages/schemas/src/foundations/jsonb-types/applications.ts b/packages/schemas/src/foundations/jsonb-types/applications.ts
new file mode 100644
index 000000000..cfbf2b070
--- /dev/null
+++ b/packages/schemas/src/foundations/jsonb-types/applications.ts
@@ -0,0 +1,18 @@
+import { z } from 'zod';
+
+export const protectedAppMetadataGuard = z.object({
+ /* The host of the site */
+ host: z.string(),
+ /* The origin of the site */
+ origin: z.string(),
+ /* Session duration in seconds */
+ sessionDuration: z.number(),
+ pageRules: z.array(
+ z.object({
+ /* The path pattern (regex) to match */
+ path: z.string(),
+ })
+ ),
+});
+
+export type ProtectedAppMetadata = z.infer;
diff --git a/packages/schemas/src/foundations/jsonb-types/index.ts b/packages/schemas/src/foundations/jsonb-types/index.ts
index d27ae02df..f7eda8966 100644
--- a/packages/schemas/src/foundations/jsonb-types/index.ts
+++ b/packages/schemas/src/foundations/jsonb-types/index.ts
@@ -10,6 +10,7 @@ export * from './sign-in-experience.js';
 export * from './sentinel.js';
 export * from './users.js';
 export * from './sso-connector.js';
+export * from './applications.js';
 export {
 configurableConnectorMetadataGuard,
diff --git a/packages/schemas/src/seeds/application.ts b/packages/schemas/src/seeds/application.ts
index 29792520e..837c6d9d9 100644
--- a/packages/schemas/src/seeds/application.ts
+++ b/packages/schemas/src/seeds/application.ts
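Review bot: `protectedAppMetadataGuard` accepts any string for `host`, `origin` and `pageRules[].path` and any number for `sessionDuration`, so a negative or fractional duration, a non-URL origin, or a pattern that does not compile is stored as valid metadata. Since these values presumably decide where protected traffic is sent and which paths require a session, tighter checks belong in the guard: `origin: z.string().url()`, `sessionDuration: z.number().int().positive()`, and a `.refine()` on `path` that rejects strings `new RegExp` cannot compile. Because `path` is a caller-supplied regex that is presumably matched against request paths, a length cap or a restricted pattern syntax would also bound worst-case matching time. The field comments use `/* */`; writing them as `/** */` would surface them as TSDoc on the inferred type.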
@@ -27,6 +27,7 @@ export const buildDemoAppDataForTenant = (tenantId: string): Application => ({
 type: ApplicationType.SPA,
 oidcClientMetadata: { redirectUris: [], postLogoutRedirectUris: [] },
 customClientMetadata: {},
+ protectedAppMetadata: null,
 isThirdParty: false,
 createdAt: 0,
 });
diff --git a/packages/schemas/tables/applications.sql b/packages/schemas/tables/applications.sql
index 3c9996969..6f6db0c97 100644
--- a/packages/schemas/tables/applications.sql
+++ b/packages/schemas/tables/applications.sql
@@ -12,6 +12,7 @@ create table applications (
 type application_type not null,
 oidc_client_metadata jsonb /* @use OidcClientMetadata */ not null,
 custom_client_metadata jsonb /* @use CustomClientMetadata */ not null default '{}'::jsonb,
+ protected_app_metadata jsonb /* @use ProtectedAppMetadata */,
 is_third_party boolean not null default false,
 created_at timestamptz not null default(now()),
 primary key (id)
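Review bot: The new `protected_app_metadata` column is nullable with no comment saying what null means, and nothing at the database level checks the JSON shape or ties the column to an application type. A column comment such as `/** Settings for protected apps; null for every other application. */` would document the intent, which is presumably what the `null` values in the mock and seed data express. If `host` is used to route requests to an application, a unique index on `(protected_app_metadata->>'host')` would stop two applications from claiming the same host; whether that applies depends on code outside this diff. The `create table` statement starts and ends outside the hunk.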